Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of the project, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and...
Autor: NSFOCUS
Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed...
O que é um Firewall? Funcionalidades e por que usar?
Sabe-se que a segurança é fundamental para os usuários de computadores. Como atualmente estes aparelhos se tornam parte do dia-a-dia, é muito comum ver um aumento nas ameaças à segurança. Na hora de monitorar e filtrar esses possíveis ataques, foi desenvolvido o Firewall, que ajuda a bloquear o acesso não...
AI Infrastructure LiteLLM Supply Chain Poisoning Alert
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain poisoning by the TeamPCP group on PyPI. It stole the publishing permission credentials by hacking into the security...
NSFOCUS Threat Intelligence: Building an OpenClaw Defense System with Multiple-Layer Protection
In 2026, AI agents are being widely used. OpenClaw has become a high-frequency efficiency improvement tool for enterprises and developers with its autonomous decision-making and local execution capabilities. However, several authoritative security agencies have recently issued warnings: OpenClaw is facing multi-dimensional security threats from supply chain poisoning to remote control....
RSAC 2026 Innovation Sandbox | ZeroPath: From Alarm Accumulation to Executable Fixes
Company Profile ZeroPath is an AI-native application security startup founded in 2024, and its core products also use the eponymous brand ZeroPath. The company focuses on using AI to automatically discover, verify and fix code vulnerabilities, trying to break through the limitations of traditional SAST, SCA, Secrets scanning and IaC...
